To summarise, when I try to open any file (even local files) on my XP machine, SVCHOST.EXE sometimes makes requests on Port 80 to the NT machine on my LAN. Both machines are equipped with Sygate, so the copy of Sygate on the NT machine rejects the unsolicited request. Meanwhile back on the XP machine, I have to twiddle my thumbs for ten seconds whilst the request times out. Alternatively, I can run netstat -oa to get the PID of the instance of SVCHOST.EXE causing the problem. Using sysinternal's Process Explorer I can see this is loaded by SERVICES.EXE, so nothing suspect there. However, it would appear that it has loaded some dodgy-looking services - WebClient, UPnP discovery, and RemoteRegistry (which sounds from the description like something I need to remove completely from my system).

Scans with AVG and AdAware have revealed nothing. Following the advice on another post on this forum, I've run AutoStart Viewer on the XP machine, but I don't know what's OK and what's suspect in the output. It's rather long, so I wont post it unless someone asks (you may know the answer without seeing it). Can anyone help me please?

If the connection attempt is from one machine in your LAN to another, it is less likely to be malware related (aside from a worm trying to spread itself). This could be Windows networking related traffic (especially if your NT machine is a Master Browser - see Description of the Microsoft Computer Browser Service for more details on this though most of such traffic uses ports 137-139 rather than 80). The services you describe are actually part of Windows XP and while there are good security reasons for disabling unneeded ones (see BlackViper's site for suggestions), they are not malware in and of themselves.

I would suggest that you do shut down unneeded services and see if this traffic continues. I suspect that the WebClient service is the culprit here.

Just disable the WebClient service, most people have no need for this service. It's for accessing files via Web Distributed Authoring and Versioning (WebDAV). WebDAV isn't currently used that much by most people, especially outside of a corporate environment utilizing something like Microsoft SharePoint. While you are at it, I would go ahead and disable Remote Registry and SSDP Discovery Service as you intuitively noted... they are largely unnecessary for 95+% of the population as well. I believe the following Microsoft Knowledge Base article covers your problem if you would like further detail:

Ahhh ... that's interesting. I had noticed recently that sometimes one or both of these two machines gave a single beep each time I fired them up in the morning. A quick check of the event viewer revealed that they were slogging it out over who was the master broswer. I decided at the time to leave them to it and put it out of my mind. The onset of beeping may have co-incided with the onset of the SVCHOST pb, so given what you say, maybe there's a connection here. As you say though, port 80 is an odd port for it to use. I'll try what you suggest and turn off any of those services that aren't needed and see what happens.

Good to hear that you are getting this issue resolved. You will find that this forum is one of the best out there. As I said on WindowsBBS, Wilders people are pretty sharp. I used to post here a lot, but then got too busy at work.

No, it really shouldn't have anything to do with the Computer Browser service. The Browser service only makes use of the NetBIOS ports (137-139). Rather, you probably have mapped a network share on the NT server. If you have the WebClient service enabled, then apparently even when you are trying to simply use a UNC named share (ie, \\servername\sharename), the network redirector still attempts to forward the request through WebClient as a WebDAV share request. Don't ask me why... I have no earthly idea! From the article I linked to earlier:

In each of these symptoms, the computer must open a network share. The request to open the network share uses the Uniform Naming Convention (UNC) path \\Servername\Sharename\Directory\Filename.ext. The UNC location is first passed to the WebClient service. The WebClient service may try to connect to http://Servername/Sharename. The WebClient service may try to use the Internet extensions for Windows to contact Web Distributed Authoring and Versioning (WebDAV)-enabled servers through the proxy server. The proxy server tries on port 80 to contact the destination server.

OK, and thanks for your help. I do have a mapped network share, but it's been that way for ages. I can't figure out what has suddenly given me a problem. Just before I killed WebClnt I did check the "order of network providers", as described in that link you gave and that was OK. I suspect this is one mystery I'll never get to the bottom of.

BTW, I caught one of the machines beeping this morning. It was just AVG telling me it had updated OK (this appears to run as a service, and AVG7 beeps where AVG6 didn't, explaining the onset of beeping).